package com.teamsun.util;

import java.util.Map;
import java.util.regex.Pattern;

/**
 * SQL-injection guard: strips a small blacklist of SQL metacharacters from request parameters.
 * This is a defence-in-depth filter only; parameterized queries remain the actual protection.
 */
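public class AntiSQLInject {

    // Earlier, broader keyword blacklist kept for reference (commented out in the original):
    //public final static String regex = "'|%|--|and|or|not|use|insert|delete|update|select|count|group|union" +
    //        "|create|drop|truncate|alter|grant|execute|exec|xp_cmdshell|call|declare|source|sql";

    /**
     * Alternation of sequences removed from every value: single quote ({@code '}),
     * semicolon ({@code ;}) and the SQL line-comment marker ({@code --}).
     */
    public final static String regex = "'|;|--";

    // Compiled once instead of on every call. The (?i) flag mirrors the original
    // replaceAll("(?i)" + regex, "") call; it has no effect on the current letter-free pattern.
    private static final Pattern STRIP = Pattern.compile("(?i)" + regex);

    /**
     * Removes every match of {@link #regex} from each value of {@code requestParam}, in place.
     *
     * <p>This is a blacklist, not a sanitizer: it cannot neutralize every injection vector and it
     * also mutates legitimate input (a surname containing an apostrophe loses that character).
     * Treat it as defence in depth only; queries must still be built with {@code PreparedStatement}
     * and bound parameters.
     *
     * @param requestParam map of request parameters to filter; {@code null} and empty maps are
     *                     ignored, and entries with a {@code null} value are left unchanged.
     *                     Must be mutable if any value contains a blacklisted sequence.
     * @throws UnsupportedOperationException if a value needs changing but the map is unmodifiable
     */
    public static void filter(Map<String, String> requestParam) {
        if (requestParam == null || requestParam.isEmpty()) {
            return;
        }
        for (Map.Entry<String, String> entry : requestParam.entrySet()) {
            String value = entry.getValue();
            if (value == null) {
                // Nothing to strip; the original code would have thrown a NullPointerException here.
                continue;
            }
            String cleaned = STRIP.matcher(value).replaceAll("");
            if (!cleaned.equals(value)) {
                // Write back through the entry: safe during iteration and avoids a second lookup.
                entry.setValue(cleaned);
            }
        }
    }

    public static void main(String[] args) {

    }
}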
